A major security vulnerability for Linux has just come to light, it has to do with one of Linux’s mainstay programs; Sudo. The vulnerability was discovered by Joe Vennix from Apple Information Security and a fix has already been developed and released, at the time of writing, in Sudo version 1.8.28. Sudo is a Linux based program used to allow users to run programs using the security privileges of another user. Its main use is to give restricted user accounts the ability to run certain specified commands with root, or another account, privileges. Sudo accomplishes this by giving each created using a user id (UID) from the username, with the actual root user having UID = 0, this is accomplished with a function programmed within Sudo.
The vulnerability showed that by entering -1, or in its unsigned form of 4294967295, for your UID the function will incorrectly treat it as 0, therefore, granting root privileges. Now although is an attack is potent it is only applicable to users who have command privileges granted to them via Sudo and only those commands can be exploited in this manner.